From: Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) Date: Mon, 4 Mar 2024 15:17:21 +0000 (+0000) Subject: Pull request #4234: Rename Kaizen to Snort ML. X-Git-Tag: 3.1.82.0~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fc8ecb43efd048f8af172eba6e671857cc572dc3;p=thirdparty%2Fsnort3.git Pull request #4234: Rename Kaizen to Snort ML. Merge in SNORT/snort3 from ~OSHUMEIK/snort3:rename_ml to master Squashed commit of the following: commit 7508b261bf66ef79e93ae300c5dee1287898b294 Author: Oleksii Shumeiko Date: Fri Mar 1 15:55:49 2024 +0200 kaizen: rename to Snort ML --- diff --git a/configure_cmake.sh b/configure_cmake.sh index ad93cc69a..9b312d6c5 100755 --- a/configure_cmake.sh +++ b/configure_cmake.sh @@ -124,7 +124,7 @@ Optional Packages: libml include directory --with-libml-libraries=DIR libml library directory - --without-libml build Kaizen ML with mock of LibML + --without-libml build Snort ML with mock of LibML Some influential variable definitions: SIGNAL_SNORT_RELOAD= diff --git a/src/network_inspectors/kaizen/dev_notes.txt b/src/network_inspectors/kaizen/dev_notes.txt index 08a0d0df1..b8a3dc0a0 100644 --- a/src/network_inspectors/kaizen/dev_notes.txt +++ b/src/network_inspectors/kaizen/dev_notes.txt 
@@ -1,21 +1,21 @@ -Kaizen ML is a neural network-based exploit detector for the Snort intrusion +Snort ML is a neural network-based exploit detector for the Snort intrusion prevention system. It is designed to not only learn to detect known attacks from training data, but also learn to detect attacks it has never seen before. -Kaizen uses TensorFlow, included as LibML library. +Snort ML uses TensorFlow, included as LibML library. Global configuration sets the trained network model to use. For example: - kaizen_ml_engine.http_param_model = { 'model.file' } + snort_ml_engine.http_param_model = { 'model.file' } While per policy configuration sets data source and inspection depth in the selected Inspection policy. The following example enables two sources, HTTP URI and HTTP body: - kaizen_ml.uri_depth = -1 - kaizen_ml.client_body_depth = 100 + snort_ml.uri_depth = -1 + snort_ml.client_body_depth = 100 Trace messages are available: -* trace.modules.kaizen_ml.classifier turns on messages from Kaizen +* trace.modules.snort_ml.classifier turns on messages from Snort ML diff --git a/src/network_inspectors/kaizen/kaizen_engine.cc b/src/network_inspectors/kaizen/kaizen_engine.cc index 2e592e72c..38c45106d 100644 --- a/src/network_inspectors/kaizen/kaizen_engine.cc +++ b/src/network_inspectors/kaizen/kaizen_engine.cc @@ -123,7 +123,7 @@ string KaizenEngine::read_model() if (!get_config_file(hint, path) || !get_file_size(path, size)) { - ParseError("kaizen_ml_engine: could not read model file: %s", hint); + ParseError("snort_ml_engine: could not read model file: %s", hint); return {}; } @@ -131,13 +131,13 @@ string KaizenEngine::read_model() if (!file.is_open()) { - ParseError("kaizen_ml_engine: could not read model file: %s", hint); + ParseError("snort_ml_engine: could not read model file: %s", hint); return {}; } if (size == 0) { - ParseError("kaizen_ml_engine: empty model file: %s", hint); + ParseError("snort_ml_engine: empty model file: %s", hint); return {}; } 
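Review bot: The three `ParseError` calls in `KaizenEngine::read_model()` (both kaizen_engine.cc hunks) hard-code the prefix `snort_ml_engine:` instead of taking it from `KZ_ENGINE_NAME`, which this commit has to edit separately in kaizen_engine.h. Assuming kaizen_engine.cc includes that header, the literal can be built from the macro, e.g. `ParseError(KZ_ENGINE_NAME ": could not read model file: %s", hint);`, so the configured name and the diagnostics cannot drift apart. The same applies to the kaizen_inspector.cc hunk, where `"snort_ml requires %s ..."` hard-codes the name that `KZ_NAME` already carries, provided that macro is visible in that file. `read_model()` starts and ends outside these hunks, so only the quoted lines are covered.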
diff --git a/src/network_inspectors/kaizen/kaizen_engine.h b/src/network_inspectors/kaizen/kaizen_engine.h index c0961ff55..7c7381ba5 100644 --- a/src/network_inspectors/kaizen/kaizen_engine.h +++ b/src/network_inspectors/kaizen/kaizen_engine.h @@ -24,7 +24,7 @@ #include "framework/inspector.h" -#define KZ_ENGINE_NAME "kaizen_ml_engine" +#define KZ_ENGINE_NAME "snort_ml_engine" #define KZ_ENGINE_HELP "configure machine learning engine settings" class BinaryClassifier; diff --git a/src/network_inspectors/kaizen/kaizen_inspector.cc b/src/network_inspectors/kaizen/kaizen_inspector.cc index d77022ec5..10744ba60 100644 --- a/src/network_inspectors/kaizen/kaizen_inspector.cc +++ b/src/network_inspectors/kaizen/kaizen_inspector.cc @@ -179,7 +179,7 @@ bool Kaizen::configure(SnortConfig* sc) if(!InspectorManager::get_inspector(KZ_ENGINE_NAME, true, sc)) { - ParseError("kaizen_ml requires %s to be configured in the global policy.", KZ_ENGINE_NAME); + ParseError("snort_ml requires %s to be configured in the global policy.", KZ_ENGINE_NAME); return false; } diff --git a/src/network_inspectors/kaizen/kaizen_module.cc b/src/network_inspectors/kaizen/kaizen_module.cc index a0d99c56e..3baec15ef 100644 --- a/src/network_inspectors/kaizen/kaizen_module.cc +++ b/src/network_inspectors/kaizen/kaizen_module.cc @@ -46,7 +46,7 @@ static const Parameter kaizen_params[] = static const RuleMap kaizen_rules[] = { - { KZ_SID, "potential threat found in http parameters via Neural Network Based Exploit Detection" }, + { KZ_SID, "potential threat found in HTTP parameters via Neural Network Based Exploit Detection" }, { 0, nullptr } }; @@ -63,7 +63,7 @@ static const PegInfo peg_names[] = #ifdef DEBUG_MSGS static const TraceOption kaizen_trace_options[] = { - { "classifier", TRACE_CLASSIFIER, "enable Kaizen ML classifier trace logging" }, + { "classifier", TRACE_CLASSIFIER, "enable Snort ML classifier trace logging" }, { nullptr, 0, nullptr } }; #endif 
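Review bot: Changing `KZ_ENGINE_NAME` to `"snort_ml_engine"` in kaizen_engine.h (and `KZ_NAME` to `"snort_ml"` in kaizen_module.h) appears to rename the configuration tables and the trace key that operators write, and nothing visible in this change keeps the old `kaizen_ml_engine` / `kaizen_ml` names working or reports them as stale. A policy that still uses the old names would, as far as the diff shows, no longer configure this detector. Whether that surfaces as an error or passes quietly depends on how unknown tables are handled at load time, which is not visible here. Because the result could be lost exploit-detection coverage after an upgrade, I would record the old name next to each define, e.g. `// formerly "kaizen_ml_engine"; existing configs must be updated to the new table name`, and call the rename out in the upgrade notes.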
@@ -103,7 +103,7 @@ bool KaizenModule::end(const char*, int, snort::SnortConfig*) { if (!conf.uri_depth && !conf.client_body_depth) ParseWarning(WARN_CONF, - "If neither of Kaizen ML source depth is set, it won't process traffic."); + "Neither of snort_ml source depth is set, snort_ml won't process traffic."); return true; } diff --git a/src/network_inspectors/kaizen/kaizen_module.h b/src/network_inspectors/kaizen/kaizen_module.h index da2fce444..59624bddf 100644 --- a/src/network_inspectors/kaizen/kaizen_module.h +++ b/src/network_inspectors/kaizen/kaizen_module.h @@ -28,7 +28,7 @@ #define KZ_GID 411 #define KZ_SID 1 -#define KZ_NAME "kaizen_ml" +#define KZ_NAME "snort_ml" #define KZ_HELP "machine learning based exploit detector" enum { TRACE_CLASSIFIER };
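Review bot: The reworded warning in `KaizenModule::end()`, `"Neither of snort_ml source depth is set, snort_ml won't process traffic."`, does not name the options the check tests, so an operator cannot tell from it what to set. The condition is `!conf.uri_depth && !conf.client_body_depth`, so the text could read `"snort_ml: neither uri_depth nor client_body_depth is set; no traffic will be inspected."`. This path only warns and `end()` still returns true, so a policy in this state loads with the detector inactive, which is why the message should be precise.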